Unix system administration has never been an easy task. Hewlett-Packard Co's version (HP-UX) includes a subsystem called SAM, for System Administration Manager. Contemporary versions of SAM include a graphical user interface arranged to make as friendly as possible the various system administration activities that are available with SAM. Examples of these activities include, but are not limited to, adding and deleting users, maintaining groups of users, kernel maintenance, and configuration issues concerning peripheral devices. In a conventional unix system the user performing such administration activities must be the root user, also known as the super user (the account an administrator normally becomes with the su command). The super user has unlimited privileges with regard to the reading and writing of files, and with regard to what commands he or she may execute.
In large systems where there are many users, even routine system administration can be an onerous task for a super user. It would be desirable if certain collections of routine system administration tasks could be handled by those more closely concerned with using the system after it is modified. Unfortunately, however, it is most unwise to promote a large number of people to super user; not only would it be bad for system security (in a privacy sense), but it could also compromise the operational integrity of the system. That is, an unskilled super user could inadvertently damage the configuration of the system or harm some data important to a user.
It would be desirable if there were an easy to use and general purpose way of designating users who are to have system administration privileges in varying degrees; that is, an easy and general purpose way of specifying that users A, B and C are, for example, each able to do activity X, while B can also do activity Y and C alone can do activity Z. In general, it would be desirable to be able to grant the privilege of accessing, or executing, any particular collection of SAM activities to any particular user. Since some users may be granted more extensive privileges than others, we shall refer to this as graded access to system administration activities. Since we also strongly desire that there be no way for a devious user to parlay limited access into more complete access, or even into full super user privileges, we shall term this "restricted access": a user should have the graded access he is given and be restricted to that and no more.
Finally, it would be desirable if such graded restricted access to the system administration activities afforded by SAM could be extended to other activities not presently found in SAM; that is, to other, perhaps more general purpose activities provided by third party software developers, or even by end users themselves.
Naturally, the ability to create such graded restricted access must remain with the super user exclusively, and it must be easier to set up and maintain than the home-brew alternatives already possible using the conventional capabilities of unix (e.g., creating a special setuid script for each user, an approach that is both laborious and, because setuid scripts are notoriously hard to make safe, itself a security hazard).
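To make the graded restricted access model concrete, the following is an added example and not code from HP or from SAM: a single privileged dispatcher that consults a per-user allow list and runs only the named activity. The policy table, the activity names, the user names and the `/usr/sbin/...` command paths are assumptions for illustration; the point it demonstrates is that the executable is chosen by the dispatcher from a fixed table, the caller supplies only an activity name and validated arguments, and anything not explicitly granted is denied.

```python
import os
import pwd
import re
import subprocess

# Constructed sample tables (assumptions, not SAM's real configuration).
# Each activity maps to a fixed absolute command chosen by the dispatcher,
# so a caller can influence whether something runs, never what runs.
ACTIVITIES = {
    "add_user":    ["/usr/sbin/useradd"],   # activity X in the text
    "edit_groups": ["/usr/sbin/groupmod"],  # activity Y
    "tune_kernel": ["/usr/sbin/kmtune"],    # activity Z
}

# Users A, B and C may all do X; B may also do Y; only C may do Z.
POLICY = {
    "alice": {"add_user"},
    "bob":   {"add_user", "edit_groups"},
    "carol": {"add_user", "tune_kernel"},
}

# Arguments may not start with '-' (so they cannot become options of the
# privileged tool) and may not contain shell metacharacters or whitespace.
ARG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.=-]{0,63}$")


class AccessDenied(Exception):
    pass


def authorize(user, activity):
    """Default deny: True only if the policy grants this exact activity."""
    if activity not in ACTIVITIES:
        return False
    return activity in POLICY.get(user, set())


def build_command(user, activity, args):
    """Return the argv to run, or raise. The executable always comes from
    ACTIVITIES; args are appended as separate argv elements (no shell)."""
    if not authorize(user, activity):
        raise AccessDenied(f"{user} may not run {activity}")
    for a in args:
        if not ARG_RE.match(a):
            raise ValueError(f"rejected argument: {a!r}")
    return ACTIVITIES[activity] + list(args)


def run_activity(user, activity, args):
    """Execute an authorized activity with a minimal environment."""
    argv = build_command(user, activity, args)
    env = {"PATH": "/usr/sbin:/usr/bin:/bin"}
    return subprocess.run(argv, env=env, shell=False).returncode


def main(argv):
    # The caller's identity comes from the real uid of the process, never
    # from an argument, so a user cannot simply claim to be someone else.
    user = pwd.getpwuid(os.getuid()).pw_name
    if len(argv) < 2:
        raise SystemExit("usage: dispatcher ACTIVITY [ARG ...]")
    return run_activity(user, argv[1], argv[2:])


if __name__ == "__main__":
    import sys
    raise SystemExit(main(sys.argv))
```

Installed setuid-root (or invoked through an equivalent privileged launcher), this one program replaces the per-user setuid scripts the text mentions: adding a grant is a change to `POLICY`, and a user holding activity X cannot parlay it into Y, Z, or a shell because the only thing the user chooses is a table key.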